Yeah, running it isn't really the problem. Managing the key when you don't use it for email is the bit that got painful.
We're not supposed to be using the pgp on minotaur; so my TODO is to figure out how to get my key off of there, hope I still know the passphrase, come up with some kind of more-secure-than-minotaur machine to put it on (really not sure where I'd put it) and get things started there. I know - I'm being lame :) Hen On 3/2/06, Phil Steitz <[EMAIL PROTECTED]> wrote: > Yep, and if you are really lazy and have a command shell available, you can > use > the scripts referenced here to do the signing, verify the sigs and > create the symlinks: > http://jakarta.apache.org/commons/releases/release.html#16%20Miscellaneous > > Phil > > On 3/2/06, sebb <[EMAIL PROTECTED]> wrote: > > Here's an Ant target we use in JMeter for creating MD5 checksums: > > > > <!-- > > Utility target to create MD5 checksums in standard format (with > > *filename) > > Usage: > > <antcall target="_md5"> > > <param name="path" value="${dist.dir}/${dist.name}_src.tar"/> > > </antcall> > > --> > > <target name="_md5" unless="md5.skip"> > > <echo message="Creating MD5 for ${path}"/> > > <basename property="_base" file="${path}"/> > > <checksum file="${path}" property="md5"/> > > <echo message="${md5} *${_base}" file="${path}.md5"/> > > </target> > > > > Creating a PGP key is as simple as: > > > > $ gpg -ba file > > > > or using the verbose flags: > > > > $ gpg --armor --output foo.tar.gz.asc --detach-sig foo.tar.gz > > > > once you have installed GnuPG (which is not all that difficult) > > > > See: http://www.apache.org/dev/release-signing.html > > > > S. > > On 02/03/06, Henri Yandell <[EMAIL PROTECTED]> wrote: > > > md5 bit is easy, given a command line. It's also easy to write Java > > > for, and I suspect Maven 2 will easily be doing that for us. > > > > > > PGP is the thing that stops me doing releases. I accept that it's > > > important, but that hasn't helped me grokk how to do it. > > > > > > Hen > > > > > > On 3/2/06, James Carman <[EMAIL PROTECTED]> wrote: > > > > I would have to agree that the release process is a bit daunting. > > > > That's > > > > why I haven't released Commons Proxy 1.0 yet. I really don't know how > > > > to do > > > > all of that stuff on the release preparation document (md5 signatures > > > > and > > > > the like). > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
